Tuesday, October 19, 2010

Vsftpd + tcp_wrappers host and user access control



RHEL4 in vsftpd support at compile time has tcp_wrappers, so you can use tcp_wrappers to achieve the host access control.

Before the experiment, first said the implementation of the next order of tcp-wrappers:

First implementation of the hosts.allow, if hosts.allow inside the list, the list of the machine is allowed access; otherwise, then scroll down to hosts.deny, if the hosts.deny list inside, then refused to list the machine access, if also not (that is, which do not allow and deny list) is allowed access to the host.

Real life, host.allow can also set "Reject" feature, so generally only use / etc / hosts.allow for access control can host.

(A) of the host access control

The host (192.168.1.102) to configure vsftpd service, so in addition to 192.168.1.100 192.168.1.0/24 network segment other than to allow other hosts to access the FTP service.

Program very simple, edit / etc / hosts.allow

vsftpd: 192.168.1.100: DENY

vsftpd: 192.168.1.

Restart vsftpd, experimental purposes can be achieved, we can tcp_wrappers in the experiment will do more complex experiments.

(B) User Access Control

vsftpd flexible user access control. In the specific implementation, vsftpd user access control is divided into two categories: the first is the traditional list of users / etc / vsftpd / ftpusers, I understand it as the system list (that is, the system prohibited); second is to improve the user list file / etc / vsftpd / user_list, I understand it as they want to ban list

To realize the second list control must be inside vsftpd.conf

userlist_enable = YES

userlist_deny = YES / / This article is the system default exists, that is also unnecessary to add the system defaults to YES

userlist_file = / etc / vsftpd / usrer_list

The above simple experiment can be achieved vsftpd powerful control.







Recommended links:



Getting Started with Corel Draw 10 (4) hands to create vector graphics (1)



Icons Shop



AVI to FLV



get Yourself a best preowned laptop without



JDK 7 will support the regular expression capture group named



Kaspersky adjourned to the 18 per value Promotions storm



MKV to iPod



File And Disk Management Wizard



Inventory And Barcoding Specialist



Waves Resurgence - Purple VS Sogou Contest



Of the Three Kingdoms 10 field-level research arms of the



Capital TANGLE 3G



2.0 Homogenization



ASF Converter



The possibility of strengthening the domestic soft landing means 3G is EXPECTED in October to distri



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)